Security News

A previously unknown advanced persistent threat is targeting iOS devices as part of a sophisticated and long-running mobile campaign dubbed Operation Triangulation that began in 2019. "The targets are infected using zero-click exploits via the iMessage platform, and the malware runs with root privileges, gaining complete control over the device and user data," Kaspersky said.

The Google Smart Lock application for iOS can use your iPhone as a security key to lock down your Google Account to provide extra security above and beyond two-factor authentication.In this tutorial, I'll show you how to set up this Smart Lock app and use it to lock down your Google Account's 2FA support.

Microsoft is rolling out Phone Link for iOS to all Windows 11 and iPhone users, with the rollout expected to complete by mid-May. The Phone Link app is designed to enable users to connect from their PC to Android and iOS devices via a Wi-Fi connection. "Today, we are excited to announce that Microsoft Phone Link for iOS on Windows 11 is beginning to rollout to our global audience in 39 languages across 85 markets," said Ali Akgun, Corporate Vice President of Software Engineering for Microsoft Devices.

CitizenLab has identified three zero-click exploits against iOS 15 and 16. These were used by NSO Group's Pegasus spyware in 2022, and deployed by Mexico against human rights defenders.

Apple rolled out patches on Good Friday to its iOS, iPadOS, and macOS operating systems and the Safari web browser to address vulnerabilities found by Google and Amnesty International that were exploited in the wild. The updates are to iOS 16.4.1, iPadOS 16.4.1, Safari 16.4.1, and macOS 13.3.1.

Apple on Friday released security updates for iOS, iPadOS, macOS, and Safari web browser to address a pair of zero-day flaws that are being exploited in the wild. Apple said it addressed CVE-2023-28205 with improved memory management and the second with better input validation, adding it's aware the bugs "May have been actively exploited."

A group of academics from Northeastern University and KU Leuven has disclosed a fundamental design flaw in the IEEE 802.11 Wi-Fi protocol standard, impacting a wide range of devices running Linux, FreeBSD, Android, and iOS. Successful exploitation of the shortcoming could be abused to hijack TCP connections or intercept client and web traffic, researchers Domien Schepers, Aanjhan Ranganathan, and Mathy Vanhoef said in a paper published this week. Besides manipulating the security context to leak frames from the queue, an attacker can override the client's security context used by an access point to receive packets intended for the victim.

A number of zero-day vulnerabilities that were addressed last year were exploited by commercial spyware vendors to target Android and iOS devices, Google's Threat Analysis Group has revealed. Upon clicking, the URLs redirected the recipients to web pages hosting exploits for Android or iOS, before they were redirected again to legitimate news or shipment-tracking websites.

Google's Threat Analysis Group discovered several exploit chains using Android, iOS, and Chrome zero-day and n-day vulnerabilities to install commercial spyware and malicious apps on targets' devices. The attackers targeted iOS and Android users with separate exploit chains as part of a first campaign spotted in November 2022.

Happy belated Patch Tuesday from Cupertino: Apple has issued security updates for almost every piece of code it slings - including a fix for a vulnerability in older iOS devices the iGiant believes is under attack right now. The US government's Cybersecurity and Infrastructure Security Agency logged the WebKit type confusion flaw in its Known Exploited Vulnerabilities Catalog on February 14, a day after Apple patched the issue in macOS Ventura, Safari 16 on macOSes Big Sur and Monterey, and iOS 16.